
Commit bbe7223a authored by Douglas Lagemann's avatar Douglas Lagemann

BULL-3245: Add dependency check job

parent 9e813f89
Branches master
No related tags found
1 merge request!10BULL-3245: Add dependency check job
services:
dependency-check<<subProject>>:
image: owasp/dependency-check:11.1.1
container_name: dependency-check<<subProject>>
entrypoint: ["/local-dev/${BASE_SCRIPTS_DIR}/dependency-check/entrypoint.sh"]
working_dir: /local-dev
environment:
- REPORTS_DIR=/local-dev/${BASE_REPORTS_DIR}/dependency-check<<subProject>>
- SCRIPTS_DIR=/local-dev/${BASE_SCRIPTS_DIR}/dependency-check
- UTILITY_DIR=/local-dev/${BASE_SCRIPTS_DIR}/utility
- SCAN_ITEM=/app/<<dependencyFile>>
- CI_JOB_NAME=dependency-check<<subProject>>
- DATA_DIRECTORY=/usr/share/dependency-check/data
- CACHE_DIRECTORY=/usr/share/dependency-check/data/cache
- DC_PROJECT="xx_project_name_xx<<subProject>>"
volumes:
- ./:/local-dev
- ./xx_project_name_xx<<subProject>>:/app
- dependency-check-data:/usr/share/dependency-check/data
volumes:
dependency-check-data:
name: dependency-check-data
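Review bot: The project source is mounted read-write at `/app` by the `./xx_project_name_xx<<subProject>>:/app` volume although the scan only reads `SCAN_ITEM`; mounting it read-only keeps a misbehaving scanner image or script from altering the tree that later pipeline jobs consume: `- ./xx_project_name_xx<<subProject>>:/app:ro`. The `./:/local-dev` mount has to stay writable because `REPORTS_DIR` lives under it, but note that it also exposes the whole checkout, including the entrypoint the container executes. The image is pinned by tag only (`owasp/dependency-check:11.1.1`); a digest pin of the form `owasp/dependency-check:11.1.1@sha256:<digest-placeholder>` makes the scanner itself reproducible for a supply-chain job. `DC_PROJECT="xx_project_name_xx<<subProject>>"` is list-form environment, where as far as I recall the surrounding double quotes are passed through literally into the variable and from there into `--project`; confirm the project name in the generated reports does not carry quotes, or drop them here.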
......@@ -3,6 +3,7 @@ useBaseline: formulas/baselines/universal.yml
pipeline:
substitutions:
exclusions: package-lock.json node_modules
dependencyFile: package-lock.json
pipelineJobs:
npm-lint:
composeFile: docker/pipeline-jobs/docker-compose-npm-lint.yml
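Review bot: `dependencyFile: package-lock.json` names the same file that `exclusions` on the line above already lists, so if `exclusions` is applied to the dependency-check job as well as to the other scanners, the new scan target would be excluded from its own scan. If the two substitutions feed different jobs, a one-line comment above `exclusions` stating which jobs it applies to would save the next reader the same question. The enclosing `substitutions:` mapping continues outside the hunk.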
......@@ -2,6 +2,7 @@ pipeline:
substitutions:
subProject: ''
exclusions: ''
dependencyFile: ''
pipelineJobs:
trufflehog:
composeFile: docker/pipeline-jobs/docker-compose-trufflehog.yml
......@@ -9,6 +10,8 @@ pipeline:
composeFile: docker/pipeline-jobs/docker-compose-dockerfile-lint.yml
find-unauthorized:
composeFile: docker/pipeline-jobs/docker-compose-find-unauthorized.yml
dependency-check:
composeFile: docker/pipeline-jobs/docker-compose-dependency-check.yml
getLocalDevDirs:
- from: root
......@@ -23,6 +26,8 @@ getLocalDevDirs:
to: scripts/dockerfile-lint
- from: scripts/find-unauthorized
to: scripts/find-unauthorized
- from: scripts/dependency-check
to: scripts/dependency-check
getLocalDevFiles:
- from: scripts/setup.sh
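Review bot: The default `dependencyFile: ''` in the `substitutions` hunk combines with the compose file's `SCAN_ITEM=/app/<<dependencyFile>>` into a scan of the whole `/app` directory whenever a formula does not override it, so a forgotten override is not caught; it silently changes what is scanned, and the `pipelineJobs` hunk registers the job for every consumer of this baseline. If that fallback is intended, a comment next to the default would make it explicit, e.g. `# empty: dependency-check scans the whole /app directory`; if not, the entrypoint should refuse to run on an empty value. Both the `substitutions` and `pipelineJobs` mappings start outside their hunks.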
#!/bin/sh
# This is a combination of a script designed to run Dependency Check on a local machine
# and the CI/CD execution steps from https://code.il2.dso.mil/platform-one/devops/pipeline-templates/-/blob/master/jobs/dependency-check/base.yml
mkdir -p ${REPORTS_DIR}
rm -f ${REPORTS_DIR}/*
mkdir -p ${CACHE_DIRECTORY}
# monitor status disabled until we can run the gate check script
# ${UTILITY_DIR}/monitorstatus.sh -j ${CI_JOB_NAME} -s fail -r config -l "Job run in local dev"
# set -o pipefail
/usr/share/dependency-check/bin/dependency-check.sh \
--project ${DC_PROJECT} \
--scan ${SCAN_ITEM} \
--format "HTML" --format "JSON" \
--out ${REPORTS_DIR}
# monitor status disabled until we can run the gate check script, dependent on sonarqube server
# if [ "$?" == "0" ]; then
# ${UTILITY_DIR}/monitorstatus.sh -j ${CI_JOB_NAME} -s pass -r pass
# else
# if [ -s "${REPORTS_DIR}/${CI_JOB_NAME}.out" ]; then
# ${UTILITY_DIR}/monitorstatus.sh -j ${CI_JOB_NAME} -r findings -l "${CI_JOB_NAME} process found findings, check job for details"
# fi
# exit 1
# fi
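Review bot: `rm -f ${REPORTS_DIR}/*` on the second command runs with an unquoted, unchecked variable, so if `REPORTS_DIR` is ever unset or empty (the compose file sets it, but the header says the script is also meant for local runs) the command becomes `rm -f /*` inside the container; `set -eu` at the top and `rm -f "${REPORTS_DIR:?}"/*` turn an empty value into a hard error instead. The same quoting applies to `--project ${DC_PROJECT}` and `--scan ${SCAN_ITEM}` further down, which word-split if the project name or path contains spaces. With the status block commented out and no `--failOnCVSS` passed, the job's exit status is only that of `dependency-check.sh`, so findings never fail the pipeline; the existing comment says this is temporary, but a line such as `# NOTE: no CVSS gate yet - findings do not fail the job` next to the invocation would keep that from being read as intended behaviour.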